SOP 03 Network Management
INDONESIA
NETWORK MANAGEMENT PROCESS Rev.: 0
Network Connectivity
Dial-In Connections
Access to Practice information resources through modems or other dial-in devices/software,
if available, shall be subject to authorization and authentication by an access
control system. Direct inward dialing without passing through the access control system is
prohibited.
Systems that allow public access to host computers, including mission-critical servers,
warrant additional security at the operating system and application levels. Such systems shall
have the capability to monitor activity levels to ensure that public usage does not
unacceptably degrade system responsiveness.
Dial-up access privileges are granted only upon the request of a department head with the
submission of the Network Access Form and the approval of the Privacy Officer or
appropriate personnel.
Telecommunication Equipment
Certain direct link connections may require a dedicated or leased phone line. These facilities
are authorized only by the Privacy Officer or appropriate personnel and ordered by the
appropriate personnel. Telecommunication equipment and services include but are not
limited to the following:
- phone lines
- fax lines
- calling cards
- phone headsets
- software-type phones installed on workstations
- conference calling contracts
- cell phones
- BlackBerry-type devices
PT GREEN SOURCE STANDARD OPERATING PROCEDURE SOP NO: IT/03
Permanent Connections
The security of Practice systems can be jeopardized from third party locations if security
practices and resources are inadequate. When there is a need to connect to a third party
location, a risk analysis should be conducted. The risk analysis should consider the type of
access required, the value of the information, the security measures employed by the third
party, and the implications for the security of Practice systems. The Privacy Officer or
appropriate personnel should be involved in the process, design and approval.
- Applicable sections of the Practice Information Security Policy have been reviewed and considered.
- Policies and standards established in the Practice information security program have been enforced.
- A risk assessment of the additional liabilities that will attach to each of the parties to the agreement.
- The right to audit contractual responsibilities should be included in the agreement or SOW.
- Arrangements for reporting and investigating security incidents must be included in the agreement in order to meet the covenants of the HIPAA Business Associate Agreement.
- A description of each service to be made available.
- Each service, access, account, and/or permission made available should only be the minimum necessary for the third party to perform their contractual obligations.
- A detailed list of users that have access to Practice computer systems must be maintained and auditable.
- If required under the contract, permission should be sought to screen authorized users.
Firewalls
Authority from the Privacy Officer or appropriate personnel must be received before any
employee or contractor is granted access to a Practice router or firewall.